guix-devel

Re: “Building a Secure Software Supply Chain with GNU Guix”


From: Maxime Devos
Subject: Re: “Building a Secure Software Supply Chain with GNU Guix”
Date: Tue, 19 Jul 2022 15:53:03 +0200
User-agent: Evolution 3.42.1

Ludovic Courtès wrote on Mon 18-07-2022 at 10:45 [+0200]:
> The model here is that users trust authorized committers.  When you
> think about it, there’s no way around it, because at the end of the
> day, you’re installing software that an authorized committer added to
> the channel.

FWIW, something I haven't seen mentioned yet is that the trust problem
could be reduced by some kind of multisig system, where multiple
independent persons would need to sign the commit for it to be
accepted, though that might be technically hard to implement and
probably be too people-time-expensive currently.

Greetings,
Maxime.



